Topic: Overlooked Down in Virus & Worms!

Offline LaFemmeMichele

  • Jr. Member
  • Posts: 68
Overlooked Down in Virus & Worms!
« on: December 03, 2006, 05:45:52 PM »
Would like to understand the possible correlation between Active Backdoors & my Trojan-Dropper.Win32.Paradrop.a found in C:/Windows/System32/atiptaxx.exe.

I was given a link to interpret my own HJT log!

I wasn't asking Avast to interpret it, for I didn't know you did that! I just wanted some insight into the relationship between Active Backdoors & my guest in Windows/System32 after reading "whocares'" article!

Please help!

http://forum.avast.com/index.php?topic=25194.0

Thank you!
O how I long for the days when a geek was merely a performer of the grotesque.   -M

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Overlooked Down in Virus & Worms!
« Reply #1 on: December 03, 2006, 06:14:01 PM »
Hi, I have just had a look at your log and I notice that you have selective start-up under MSConfig. This may be hiding some unusual visitors; however, the rest of your log was clean apart from the one item I could find little info about, One Button.

The Ati2mdxx.exe file is a legitimate ATI file in the right place, so it may well be a false positive. You could check this by uploading the file to Jotti for analysis: http://virusscan.jotti.org/
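As an added example (not part of the thread), the checks essexboy applies by hand to the flagged file, whether it sits where a legitimate copy belongs, whether it is signed, and what hash to submit to a multi-engine scanner such as Jotti, scripted in PowerShell over the Run startup keys. It assumes PowerShell 4.0 or later on Windows and an elevated prompt.

```powershell
# Added example, not from the thread: triage the Run-key startup entries that a
# HijackThis log lists, resolving each command line to its executable and
# recording location, Authenticode status and SHA-256 for a multi-engine lookup.
# Assumes PowerShell 4.0+ (Get-FileHash) on Windows, run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupTriage {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.

            # Pull the executable out of the command line, quoted or bare.
            $cmd = [string]$p.Value
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $exists = Test-Path -LiteralPath $exe
            $sig  = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
            $hash = if ($exists) { (Get-FileHash -Algorithm SHA256 -LiteralPath $exe).Hash } else { $null }

            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Path       = $exe
                Exists     = $exists
                InSystem32 = $exe -like "$env:windir\System32\*"   # the thread's atiptaxx.exe lived here
                Signature  = $sig          # Valid / NotSigned / HashMismatch / FileMissing
                SHA256     = $hash         # paste into Jotti or VirusTotal instead of uploading the file
            }
        }
    }
}

# NotSigned and FileMissing entries sort to the top, which is where the scrutiny belongs.
Get-StartupTriage | Sort-Object Signature | Format-Table -AutoSize
```

A NotSigned binary under System32 that is not a known Windows or vendor component is the one worth submitting to Jotti; a Valid signature from the expected vendor points toward a false positive.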

Offline LaFemmeMichele

  • Jr. Member
  • Posts: 68
Re: Overlooked Down in Virus & Worms!
« Reply #2 on: December 03, 2006, 06:51:32 PM »
Essexboy Thank You!

  What I'm trying to find out is whether or not my system has been compromised to the point of needing to reformat because of having found a trojan in Windows/System32.

   Apitaxx was the exe part, not Api2mdxx, & I know they are legitimate. Glad to hear it's clean! (The one button/prolific thing has been a mystery to me too for a few months.)

   A2 found that particular trojan twice. I spent six hours on a MS paid support call Friday trying to get rid of the Denial Access Error in MSCONFIG to no avail. We clean booted, advanced clean booted, & hardware clean booted--so needless to say I was out of selective service mode. We went into Binaries>Msconfig & granted all groups permission. The error remains!

"System Configuration
An Access Denial Error was returned while attempting to change a service. You may need to log on as an administrator account to make the specified changes." 

  This happens when logged on as an administrator when I press OK or make changes in MSCONFIG. (It wasn't until I deleted the trojan that I was allowed to use MSCONFIG--after I was able to untick apitaxx from startup & use System Configuration again. This is why I don't believe the trojan was a false positive.)

   I was thinking about going into the registry today to see if HKEY_LOCAL_MACHINE_SOFTWARE had an Administrator present/available. The MS tech wouldn't allow me to do this--beginning support guy! I sent my first email a year ago, I'm no tech--MS!!! It was also suggested I use djlizard's Dial-a-Fix to restore Permissions MS tech said no to this too! The program is Beta & I'm a novice. Whatcha think Essexboy?

Addendum: I've just come from Jotti. I'm not sure how you scan one file at a time (was looking at TotalVirus scan earlier). Do I send atiptaxx.exe or Ati2mdxx.exe to them & how?!! What/how does one do this? Sorry for my newbishness! Thanks, Essexboy.
« Last Edit: December 03, 2006, 07:48:19 PM by LaFemmeMichele »
O how I long for the days when a geek was merely a performer of the grotesque.   -M

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Overlooked Down in Virus & Worms!
« Reply #3 on: December 03, 2006, 07:14:07 PM »
No problem, Michele. If you go to Jotti, at the top is a browse button; click that and it will open YOUR computer file system. Navigate to the required files and left click, then press the submit button. I am currently looking at how to reset your MSConfig permissions.

Offline LaFemmeMichele

  • Jr. Member
  • Posts: 68
Re: Overlooked Down in Virus & Worms!
« Reply #4 on: December 03, 2006, 07:18:08 PM »
Wonderful! :)


Jotti found nothing when I scanned ATI2mdxx.exe, apitaxx.dll (couldn't find apitaxx.exe!?) & Onebtn.


I repeated & posted the HJT log in Normal mode. A link:

http://forums.spywareinfo.com/index.php?showtopic=90175&
« Last Edit: December 03, 2006, 09:19:08 PM by LaFemmeMichele »
O how I long for the days when a geek was merely a performer of the grotesque.   -M

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Overlooked Down in Virus & Worms!
« Reply #5 on: December 03, 2006, 11:04:23 PM »
Hi Michele, you are no longer running selective start. Does that mean your MSConfig problem is fixed? Apart from that you are squeaky clean ;D Still can't find anything concrete on one button apart from an advertising site... If you do not use it, it might be worthwhile initially disabling the start-up from within HJT by placing a check mark against it and clicking fix. If after a while you find that you do not need it, you can uninstall it. I had a look at djlizard's Dial-a-Fix and could see nothing dangerous about it, as all it does is re-install the default configurations using a Windows file...

Be at peace now   ::)

Offline LaFemmeMichele

  • Jr. Member
  • Posts: 68
Re: Overlooked Down in Virus & Worms!
« Reply #6 on: December 03, 2006, 11:44:07 PM »
Hello There! :)

   I went into Normal mode when I realized I hadn't scanned in it. So after the HJT I'm back in Selective mode (how I untick Startup). The Access Denial Error in MSCONFIG is still here!

   I'm so happy you have pronounced me clean!
 
   MS is having a higher tier tech phone back. Maybe I should wait & see if he will let me run a third party solution (I have a fear of getting stuck in the middle without knowing a proper selection on my own). MS may actually have a fix. The only thing I found online re this error was in WinITPro forum & you have to be a tech to join. Thought about fabricating a business name with a go ahead & spam me email box in order to communicate! 

   I remember I eventually figured out the Onebtn/Prolific thing & it was ok, but it escapes me at the moment.     

   Thank you so much Essexboy for your attention. I appreciate it.
O how I long for the days when a geek was merely a performer of the grotesque.   -M

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Overlooked Down in Virus & Worms!
« Reply #7 on: December 03, 2006, 11:48:39 PM »
No problem. I will still research that error though, in case I come across it elsewhere 8)